Hi all.
I have one PC with only one user account on it. This PC is configured to accept remote desktop connections. This PC is 150 km away and teamviewer hangs on login, hence the RDP connection.
Last night I logged onto the PC to find 3 drives had been bitlocked :( 2 out of the 3 recovery files are in the recycle bin on one of the bitlocked drives (I found this by the properties of the .lnk files in the app data roaming folder)
After trawling through the event viewer I have noticed that many people have logged into the PC over the past few days from multiple countries except the usernames they provided are all over the place. (curt, test, test123, chandler, colin, admin, etc etc)
As a test I tried to log in using one of the usernames and the correct password and was denied.
How are they able to log into the PC by using those usernames that are not the username of the primary user account???